CERT Coordination Center

Vulnerability Disclosure Guidance

What is Vulnerability Coordination?

During vulnerability coordination, multiple stakeholders analyze a vulnerability to be able to disclose it to the public and provide guidance on how to mitigate or fix it.

A vulnerability is difficult to define. It can be thought of as a flaw in software or hardware components that allows an attacker to perform actions that wouldn't normally be allowed. The impact of such vulnerabilities varies greatly. They may allow the attacker to learn someone's private email address, take control of a computer, or even cause physical damage and bodily injury.

At CERT/CC, our goal is to coordinate with the various stakeholders and make sure the vulnerability is addressed accordingly and that the correct information reaches the public.